- Security researchers have discovered several flaws in a utility introduced a decade ago
- The flaws allow malicious actors to escalate their privileges and execute arbitrary code
- A patch is available and users are urged to apply it
Ubuntu Linux has had several high-severity vulnerabilities for a decade, allowing malicious actors to escalate their privileges to root without user intervention, experts warn.
Cybersecurity researchers at Qualys found the bugs in an OS utility called ‘needrestart’, which checks which services need to be restarted after an update or a change to the system libraries or binaries.
It is especially useful after applying security updates or upgrading packages, as it ensures that the updates are applied effectively without requiring a complete system restart.
Exploitable vulnerabilities
Needrestart can identify services that are using outdated libraries, request them to be restarted, and recommend a system restart if necessary. As a result, it helps maintain the security and stability of a system without the need for frequent reboots.
It was introduced in 2014 and maintained as a Debian package. It has been vulnerable since the day of its creation, with Ubuntu Linux version 21.04. The five vulnerabilities in question are tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. The earliest vulnerable version of Needrestart is 0.8, and the earliest clean version is 3.8, which was released earlier this week.
More details about the vulnerabilities can be found here, but in short, they allow crooks to execute arbitrary code on vulnerable systems. The only requirement is that they have local access, either through malware or compromised accounts.
While this requirement sounds like a solid mitigation, BleepingComputer recalls that attackers have exploited similar privilege escalation flaws in Linux in the past.
A notable example is Loony Tunables, which exploited the nf_tables bug. Needrestart is an extremely popular and widely used feature, and hackers are now likely to try to exploit it. Therefore, it is essential that users upgrade to version 3.8 or higher as soon as possible.
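The version bounds given above (vulnerable from 0.8, clean from 3.8) applied to a package inventory, as an added example that is not from Qualys, BleepingComputer or the needrestart project. The inventory format, host names and version strings are constructed; `in-range` is judged on the upstream version only, so a distribution package that carries a backported fix under an older number still needs checking against the vendor advisory.

```python
import re

# Version bounds as stated in the article above.
FIRST_VULNERABLE = (0, 8)   # earliest vulnerable needrestart release
FIRST_FIXED = (3, 8)        # earliest clean needrestart release

def upstream_tuple(deb_version):
    """Reduce a Debian-style version ([epoch:]upstream[-revision]) to a tuple of ints."""
    version = deb_version.split(":", 1)[-1]      # drop an epoch such as "1:"
    if "-" in version:
        version = version.rsplit("-", 1)[0]      # drop the packaging revision
    match = re.match(r"\d+(?:\.\d+)*", version)
    if not match:
        raise ValueError(f"unparseable version: {deb_version!r}")
    return tuple(int(part) for part in match.group(0).split("."))

def classify(deb_version):
    """Place one installed version relative to the article's bounds."""
    upstream = upstream_tuple(deb_version)
    if upstream < FIRST_VULNERABLE:
        return "predates-range"
    if upstream < FIRST_FIXED:
        return "in-range"        # upgrade, or confirm a vendor backport
    return "fixed"

def triage(inventory_text):
    """Map host -> status for lines of the form '<host> <package> <version>'."""
    report = {}
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] != "needrestart":
            continue             # other packages and malformed lines are skipped
        host, _, version = fields
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparseable"   # surface it instead of hiding the host
    return report

# Constructed sample inventory (hypothetical hosts and versions), e.g. gathered
# per host with: dpkg-query -W -f='${Package} ${Version}\n' needrestart
SAMPLE_INVENTORY = """\
web01 needrestart 3.6-7ubuntu4
db01 needrestart 3.8-1
old01 needrestart 0.7-2
build01 needrestart 1:3.5-4
cache01 openssl 3.0.2-0ubuntu1
edge01 needrestart unknown
"""

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```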
Via BleepingComputer